UFS Encrypted Automated Install

Polytropon freebsd at edvax.de
Thu Mar 7 04:35:36 UTC 2019

On Wed, 6 Mar 2019 11:29:40 +0100 (CET), su- at tutamail.com wrote:
> I just found it very odd the installer had an option to auto encrypt
> zfs (which i assume is done on the same principles as you highlighted
> below) and not for UFS...   

Yes. ZFS encryption uses GELI to encrypt the block devices
that are then used by ZFS, like this:

	# gpart create -s gpt ...
	# gpart add -t freebsd-zfs

	# geli init ...
	# geli attach ...

	# zpool create ...
	# zfs mount ...

Like the manual UFS approach (partition, geli, newfs, mount),
ZFS is initialzed by the installer (partition, geli, z/create,
z/mount) for further use. So basically it's the same approach,
which in my opinion leads to the conclusion that adding UFS
encryption to bsdinstall should be possible without bigger
problems. :-)

Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...

More information about the freebsd-questions mailing list